GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
7,187 advisories
A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced...
Moderate (Unreviewed). CVE-2025-4175 was published May 2, 2025.
Vite's server.fs.deny bypassed with /. for files under project root
Moderate. CVE-2025-46565 was published for vite (npm) Apr 30, 2025.
Apache Ivy does not verify target path when extracting the archive
Critical. CVE-2022-37865 was published for org.apache.ivy:ivy (Maven) Nov 7, 2022.
The Permission Model assumes that any path starting with two backslashes \ has a four-character...
Low (Unreviewed). CVE-2024-37372 was published Jan 9, 2025.
The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions...
Moderate (Unreviewed). CVE-2024-11615 was published May 5, 2025.
A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by...
Moderate (Unreviewed). CVE-2025-4329 was published May 6, 2025.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote...
High (Unreviewed). CVE-2024-27984 was published Apr 19, 2024.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote...
High (Unreviewed). CVE-2024-27976 was published Apr 19, 2024.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote...
High (Unreviewed). CVE-2024-27977 was published Apr 19, 2024.
foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the...
Critical (Unreviewed). CVE-2025-45238 was published May 5, 2025.
Apache DolphinScheduler vulnerable to Path Traversal
Moderate. CVE-2022-34662 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Nov 1, 2022.
DotNetZip Zip-Slip Vulnerability
Moderate. CVE-2018-1002205 was published for DotNetZip (NuGet) Oct 16, 2018.
Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation...
Low (Unreviewed). CVE-2025-22479 was published May 6, 2025.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote...
High (Unreviewed). CVE-2024-24997 was published Apr 19, 2024.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote...
High (Unreviewed). CVE-2024-24999 was published Apr 19, 2024.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote...
High (Unreviewed). CVE-2024-25000 was published Apr 19, 2024.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote...
High (Unreviewed). CVE-2024-24994 was published Apr 19, 2024.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote...
High (Unreviewed). CVE-2024-23535 was published Apr 19, 2024.
A parsing issue in the handling of directory paths was addressed with improved path validation....
Moderate (Unreviewed). CVE-2022-32938 was published Nov 2, 2022.
Archiver Path Traversal vulnerability
Moderate. CVE-2024-0406 was published for github.com/mholt/archiver (Go) Apr 6, 2024.
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System...
Moderate (Unreviewed). CVE-2022-42055 was published Oct 27, 2022.
A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard...
High (Unreviewed). CVE-2024-20348 was published Apr 3, 2024.
A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly...
Moderate (Unreviewed). CVE-2025-20187 was published May 7, 2025.
A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to...
Moderate (Unreviewed). CVE-2024-20352 was published Apr 3, 2024.
Path traversal vulnerability in the DFS module
Impact: Successful exploitation of this...
Moderate (Unreviewed). CVE-2025-31174 was published Apr 7, 2025.